ICO Spotlight: Interview with Vasja Bočko, CEO of Iryo
Coinschedule: Encrypted health records – Where did that come from? What’s the story?
We believe that so far technology has actually let down the whole healthcare community. Whereas IT has really helped other industries become more efficient and helped consumers use services more effectively, the same is not the case in healthcare. There are many reasons for this, including cultural and political barriers, but it is certainly true that most European citizens can think of examples of healthcare IT failures in their own systems.
Coinschedule: What is Zero-knowledge data storage and how is it different from distributed data storage methods?
The notion that privacy and control come through centralized regulation is an incorrect one, the effective management of data happens when an individual has full control over his or her device.
Iryo perceives the medical data it holds as a “toxic asset”, because we believe that holding too much data in one place presents too large a liability risk.
The solution to managing this risk is zero-knowledge data storage which is resistant to all attacks, including state-actors or “inside jobs’’. This works by way of users encrypting their data on their mobile device(s) with a public key.
A private decryption key remains on the patient’s device. Whenever someone wants to access patient data (a doctor or researcher, for example) the patient has to approve their access. This will be done by the patient clicking “yes’’ in their Iryo EHR app. This gives a re-encryption key to the doctor’s public key. You can read more under the “Private key management section” to understand the details of this process and the application to the edge cases.
Copies of encrypted health records are stored on three geographically and managerially redundant storage nodes.
Coinschedule: Does Iryo network store data on public blockchain? If yes, isn’t it contrary?
Contrary to popular belief due to aggressive marketing, blockchains are not a good solution for storing data. Each piece of information that you store in the blockchain sits in hundreds or more nodes (more than 100 000 in case of the Bitcoin), making it very costly. This is why the Iryo Network doesn’t store data on blockchain but uses blockchain to ensure the transparency of transactions.
Some projects pretend to be using blockchain by using ’private chains’ which are usually just re-branded databases. Private chains use some elements of blockchain technology but miss key elements thereof like the oversight offered over the validity of the stored data.
Public blockchains are mainly used for two things; value transfer (including initial creation and distribution) and trustless timestamping of the messages.
Coinschedule: How are you planning to implement Artificial Intelligence over it?
Iryo network is using the AI learning on the distributed and encrypted data from the users of Iryo network. Since the data is encrypted and not even AI can access it without patient permission, we are using the so-called “analyze in place” anonymous query which takes data, applies a formula to it and then only sends back the result of the query without leaking any personal information that can be compared with other databases.
At the same time, the researchers are using Iryo tokens to incentivize the patients to share their anonymized data, which is then used in clinical research.
Coinschedule: From each side, what benefit does it provide to medical practitioners and patients?
Researchers will have access to larger research populations which would result in more robust research results. They will be able to use the Iryo Research Portal to enroll people with specific health conditions as determined by parameters selected by them. Direct access to EHRs of specifically defined patients can decrease the time required for patient recruitment, thereby potentially decreasing pre-recruitment process costs. Typically, recruitment agencies and services need to first attract potential patients and then check their eligibility. This can be a lot more time consuming than a query in the Iryo Network.
Patients will be alerted to their identified modifiable risk factors for disease and indicators that may suggest the early onset of disease. Once correlations are clinically verified, users would get the anonymous queries that would seep into their data and present them with actionable advice. For example, they will receive information on which health care provider they need to consult and which tests would be beneficial for them to have. Those queries would not be reported back and would remain on the patient’s phone. With Iryo’s innovative design, patients now have the option to not share their health information but still receive research results – something that has not been achieved until now.
Coinschedule: What is the utility and mechanics of IRYO tokens?
- All institutions would have to provide a stake of $10 000 worth of IRYO tokens for their accounts (this value is adjustable). This would serve as spam protection – the app won’t ‘talk’ to 1 000 fake institutions that do not have IRYO tokens who would most likely be attempting to spam users. It would also act as a transparent metric on the chain. More accounts with enough tokens should mean more institutions are using the system. Institutions would include organizations such as hospitals, clinics, and research institutes.
- The clinic staking requirement would be used to cover the cost of storing EHR data for their patients. Should the data per patient exceed the threshold, clinics would have to stake more tokens to cover the cost of data storage. Patients would be able to cover their storage costs by staking coins themselves; that way they can become independent in storing as much data as they want to (as long as a sufficient number of coins are staked). If they exceed the limit, or the staking requirements suddenly change, they would not lose the data but, over time, their access would be increasingly limited until the stake is supplied.
- Actual hardware costs would be covered with 1% yearly inflation. Therefore, more data stored would mean more coins staked, which, in turn, provide price pressure to make that 1% yearly inflation worth enough to cover all the storage cost (and then some).
- With health record query tokens researchers would be able to incentivize end users to allow anonymized queries. Health data never leaves the patient’s device (phone), or the device of the doctor whom the patient has assigned access privileges to. Researchers would have to buy the tokens from the market and distribute them to the users that allowed the queries on their health data to be executed. The amounts can be very small and sent to thousands of people at the same time. High fees could kill this model.
- Cases of medical emergency. When a patient can’t give consent for access to his health data, the hospital can lock $1 000-worth of tokens (adjustable) in the smart contract which gives the patient permission to withdraw the tokens in one month’s time if the access was not illegitimate. If it was a true emergency, the patient (or their doctor with pre-approved access to the patient’s medical records) would confirm access the next day and the smart contract would return the funds to the hospital. If no action is taken within one month, the funds are refunded to the institution that staked them.
- Services in the clinics who have adopted Iryo could be paid with IRYO tokens instead of credit cards. Volatility, usability challenges with the security of tokens and the limited ability of the end user to purchase tokens on short notice would probably result in this option being used infrequently and/or when patients is traveling abroad.
Coinschedule: Will your clients (clinics and patients) be able to pay through IRYO tokens for the services?
When it comes to the token economy aspect, we now have thousands of different tokens or coins or cryptocurrencies out there. Clearly, not all of them will survive but what is important about the growth of the token economy is that using tokens helps to align the interests of end users with other actors in the system.
Our current, outdated health systems usually have a top-down approach that doesn’t incorporate the users’ point of view at all. Healthcare IT solutions are sold business-to-business so they tend to serve the needs of the system rather than of the patients. By issuing tokens, suddenly you involve patients directly in their care and you are telling them that their opinions matter. End users can be part of the system and influence how it operates which will drive change from the bottom up and fundamentally alter the landscape of healthcare technology.
When a patient can’t give consent for access to his health data, the hospital can lock $1000 – worth of tokens (adjustable) in the smart contract which gives the patient permission to withdraw the tokens in one month’s time if he deemed access unjustified. In case of a legitimate emergency access, the patient (or their doctor with pre-approved access to the patient’s medical records) would, when able, confirm the emergency access and the smart contract would return the funds to the hospital. If no action is taken within one month (or other specified timeframes), the funds are returned to the institution that staked them.
Volatility, usability challenges with the security of tokens and the limited ability of the end user to purchase tokens on short notice would probably result in this option being used infrequently. With mature adoption, we could see tokens being used in situations where transaction costs using traditional payment methods are prohibitively high.
Coinschedule: Can you brief us a little about 1% yearly inflation rate mentioned in your whitepaper?
The aforementioned 1% yearly inflation would cover the storage costs and offer the development subsidy to ensure continuous Iryo Network development and provide sustainable future for IRYO token holders, even when the initial funds run out. Until the platform is unavailable to the public, the inflation tokens would be burned.
The 1% inflation recipient would be a multi-signature account controlled by Iryo. Iryo would issue reports on how this money was spent. Should the token holders not be pleased with the development of the service, they would be able to fork the token contract to a new one, which doesn’t have a development subsidy or has a different group who collects the inflation.
Coinschedule: What are the security risks associated with it? What if the patient loses the key or device?
If you lose your keys, you lose the data, credentials, and value that is encrypted. It is for this reason that encrypted services provide a nerve-wracking experience for most people. Some services are trying to solve this problem with recovery codes that should be printed out and put into a safe drawer.
It is safe to say that there is no mobile printer on your phones, and there is no mobile safe drawer. Most people don’t have “safe drawers”, not even in their homes. In reality, this approach is not practical for the user and rather has a stronger role in providing the service provider with immunity against legal and reputational liability.
While many other projects re-introduce centralized solutions for key recovery, the Iryo Network takes a different, more distributed route.
In the Iryo Network, private keys are everywhere. These keys can be grouped into patient keys, doctor keys, clinic keys, Iryo keys and token holder keys.
Assuming that the patient doesn’t have a second device with the same key, (patient medical data encryption key), the simplest answer is that they can visit their doctor, who can use his device to issue a re-encryption key back to patients’ new device. Together with signed permission message, this would replace patient’s wallet private key with a new one.
If a patient doesn’t want to visit his doctor every time their device gets destroyed, they can save (and move) the key to the ZeroPass app (explained later in this paper) using a one-click magnet link. When keys are protected with ZeroPass, a patient can revoke the ability of his doctor to re-assign his key, leaving the patient in full control.
If the patient’s personal doctor performs an ‘access recovery’ instead of recovering a master key via ZeroPass, the patient’s wallet would be emptied. This is because the doctor can’t recover the actual keys but can only give access to patient’s new key. Using ZeroPass solves this problem. Whenever a patient receives an IRYO token he will be asked to secure them within the ZeroPass web of trust.
The ZeroPass’ distributed and trustless recovery service can be used. In practice, patients would simply click on the magnet link inside the IryoEHR app, that would save (and move) all his/her keys; from IryoEHR to the ZeroPass app, automatically.
For clinic and Iryo keys, the ZeroPass 4Teams app would be used.
Coinschedule: We’re also excited to know about your current and future partnerships.
Right now, we are most proud of our partnership with a global NGO Walk with me which is helping out refugees throughout the Middle East. We are providing them with the IT infrastructure needed to improve the quality of healthcare for the refugees in their camps. Medical care is currently provided in prefabricated containers with fully stocked with basic medical equipment.
Tele-consults are provided through the collaboration with Ver2 — Dubai based telemedicine company, whose CEO Brian de Francesca is in the Iryo advisory board. Initial deployment of the Iryo EHR system will begin in refugee camps located throughout the Beqaa Valley of Lebanon, soon followed by the implementation in five other countries (Syria, Jordan, Iraq, Egypt, and Djibouti).
Iryo is discussing deals with telemedical providers which would like to use Iryo network for a structured, safe and transparent mean of exchanging data between the supply and demand side. Iryo is also in talks with some other healthcare providers and will share more information as soon as we are able to. Iryo has a contract signed around R&D of augmented reality using holo-lens for the purpose of accessing and presenting medical data in medically stressful environments, demanding extremely fast response (ER activity).
Coinschedule: And who are the brains behind this exceptional idea? Can you run us through their credentials?
The Iryo team was assembled and initially funded by 3FS — an innovative Slovenian IT firm focused on providing digital consulting to Fortune 500 companies across the globe. The products & services deployed by 3FS are extremely robust and large-scale, built by some of the most talented developers in the world. The Iryo team is fortunate to have access to its R&D ar and proud to have such a collaborative and supportive team backing its efforts.
Slovenia currently ranks 3rd amongst the number of ICOs per million inhabitants. The strong tech community gives Iryo immense support with the development of blockchain solutions and access to legal experts.
Vasja Bočko (CEO) was a product lead at 3FS for over two years. Soon after, joined Bitstamp as a senior product manager — one of the oldest and most respected cryptocurrency exchanges in the world. There he gained a deep understanding of blockchain and cryptocurrency related processes. He has a background in finance, IT and political science.
He briefly worked in the financial industry before diving headfirst into disruptive tech. He worked for a Swiss startup, delivering a music streaming service shortly before joining 3FS, where he was directly involved in supporting the biggest social media network in Mexico. At its peak, the network was supporting more traffic than Wikipedia globally.
Vasja has recently worked as a consultant to Fortune 500 companies and strongly believes that blockchain has the potential to revolutionize industries that have traditionally seen little advances through IT. As leader of the Iryo team, Vasja will aim to build the next generation healthcare platform, addressing current downfalls like data security, global interoperability and self-sovereign medical identity.
Dominik Žnidar (CTO) is a senior backend developer, specialised in Golang, Erlang and PHP programming. He has been with 3FS for over 3 years, working shoulder to shoulder with Vasja on highly demanding, large-scale IT projects. Before joining 3FS, he worked with Spil games in Amsterdam, ensuring their high traffic web-apps worked smoothly.
Tjasa Zajc (Business Developer & Healthcare Communications Manager) worked as a healthcare and medical journalist prior to joining Iryo. She researches global trends in healthcare through the production of a podcast Faces of Digital Health. She holds a masters degree in health management and economics, has the expertise and an extensive network in digital healthcare. She is part of different international healthcare organizations such as Startupbootcamp, Digital Health Berlin, and Future for health (FTR4H). Tjaša has organized three international conferences on digital healthcare in Slovenia and participates in various international healthcare events as a speaker and a moderator.
Peter Kuralt, (Head of Strategic Development) is responsible for Iryo’s operations and R&D. He has extensive experience in product development, project management, and strategic branding. He has worked with 3FS on two independent projects as project manager and worked as an application engineer with SRC Infonet — the biggest healthcare IT vendor in Slovenia. He has a background in philosophy, is certified in AWS Associate developer and currently leads a team that is researching augmented reality solutions (Hololens) within the healthcare industry.
Luka Perčič (Lead Blockchain Researcher), is the founder and CEO of ZeroPass. He is the creator of the ZeroPass Security System (a private key recovery manager) and the driving force behind the ZeroPass team. He is the lead blockchain specialist for the Iryo team, responsible for building and maintaining the token distribution protocols. He is a passionate inventor and tinkerer. His first project was Keyboarder, a machine learning, typing assistant. He is passionate about data security and enforcing highly effective protocols regarding the security and privacy of his end-users. He has been closely following the development of cryptocurrencies and blockchain solutions since 2011. Luka testified as an expert witness in a deep-web related legal case in Slovenia.
Črt Vavroš (Blockchain Developer and IT Security Advisor), is co-founder and CTO of ZeroPass. He’s in charge of the security behind the Iryo ledger and smart contracts. Graduated from the Faculty of Computer and Information Science in Ljubljana. Črt has more than six years of experience in software development, computer security, and cryptography. He has an unparalleled vision, which inspired the innovation and design behind the ZeroPass keychain & private key recovery manager. He has been working on different projects on a variety of international teams. He’s been a software developer, project manager, and a security advisor). Some of his most notable work includes developing the secure backup software solution at Virgo-In, Sarl (France) and developing the payment protocol based on bitcoin blockchain technology at Inovatium d.o.o. (Slovenia).
Coinschedule: Any last word on blockchain technology and how excited you and your team are to be the part of this revolution?
Being involved in the Iryo project, presenting it all over the world in New York, Singapore, London, Geneva, Dubai, San Francisco, Bangkok and Austin we could see the genuine interest in the problems we are trying to solve with Iryo. The digitalization of healthcare across the world is plagued by many problems that exist because of vendor lock-in, legacy software, insufficient privacy, and security awareness. At the same time we have been talking to doctors and medical staff, decision-makers and users of medical services noticing the prevailing sentiment – we can do better. We are hoping Iryo will be a small piece of the puzzle.